Vocabulary Flashcards

1
Q

access control

A

Sum of all the technologies, processes and personnel that are responsible for controlling access to resources

2
Q

account deprovisioning

A

the process of removing access and disabling an account when a user no longer requires access to cloud resources

3
Q

account hijacking

A

an occurrence when an unauthorized party gains access to and takes over a privileged account

4
Q

account provisioning

A

the process of creating user accounts and enabling access to cloud resources

5
Q

address allocation

A

the process of assigning one or more IP addresses to a cloud resource; this can be done either dynamically or statically

6
Q

adverse event

A

an event that comes with negative consequences

7
Q

aggregate risk

A

the combined risk of multiple individual security flaws or vulnerabilities

8
Q

agile

A

an SDLC methodology in which development and testing activities occur simultaneously, cyclically and iteratively

9
Q

anonymization

A

the process of removing information that can be used to identify a specific individual from a dataset

10
Q

Application Programming Interface (API)

A

a software-to-software communication link that allows two applications, such as a client and a server, to interact with one another over the Internet

11
Q

application virtualization

A

the process of encapsulating (or bundling) an application into a self-contained package that is isolated from the underlying operating system on which it is executed

12
Q

applistructure

A

includes the applications that are deployed in the cloud and the underlying services used to build them

13
Q

artificial intelligence (AI)

A

the field devoted to helping machines process things in a smart manner; AI involves giving machines the ability to imitate intelligent human behavior

14
Q

asymmetric-key (public-key) encryption

A

a form of encryption that operates by using two keys, one public and one private

15
Q

audit planning

A

conducted at the very beginning of the audit process and includes all the steps necessary to ensure the audit is conducted thoroughly, effectively and in a timely fashion

16
Q

audit report

A

a set of documents and artifacts that describe the findings from an audit and explain the audit’s opinion of the system that was examined

17
Q

audit scope

A

a statement that identifies the focus, boundary and extent of an audit

18
Q

audit scope restrictions

A

a set of restrictions on what an auditor may and may not audit

19
Q

authentication

A

the process of validating a user’s identity

20
Q

authenticator

A

things used to verify a user’s identity

21
Q

authorization

A

the process of granting access to a user based on their authenticated identity and the policies you’ve set for them

22
Q

availability

A

security principle focused on ensuring that authorized users can access required data when and where they need it

23
Q

availability management

A

the process of ensuring that the appropriate people, processes and systems are in place in order to sustain sufficient service availability

24
Q

bandwidth allocation

A

the process of sharing network resources fairly between multiple users that share the cloud network

25
Bastion host
a system that runs outside your security zone that is generally designed to serve a single purpose (such as connecting to the management zone) and has been extremely hardened for enhanced security
26
black box testing
a software testing method in which the internal design of the component being tested is not known by the tester
27
blockchain
a string of digital information that is chained together by cryptography; each block of information contains a cryptographic hash of the previous block, transaction data and a timestamp
28
breakout attack
a hypervisor security flaw that can allow one guest to break out of their virtual machine and manipulate the hypervisor in order to gain access to other cloud tenants
29
broad network access
the cloud characteristic that suggests that cloud computing should make resources and data ubiquitous and easily accessed when and where they're required
30
broken authentication
a vulnerability that allows an attacker to capture or bypass an application's authentication mechanisms; broken authentication allows the attacker to assume the identity of the attacked user, thus granting the attacker the same privileges as that user
31
Building Management System (BMS)
a hardware and software control system that is used to control and monitor a building's electrical, mechanical and HVAC systems
32
business continuity (BC)
the policies, procedures and tools you put in place to ensure critical business functions continue during and after a disaster or crisis
33
Canadian digital privacy act
a 2015 Canadian regulation that served as a major update to the long-standing Personal Information Protection and Electronic Documents Act (PIPEDA)
34
capacity management
the process of ensuring that the required resource capacity exists, at all times, to meet or exceed business and customer needs, as defined in SLAs
35
cardholder data
a specific subset of PII that is related to holders of credit or debit cards
36
chain of custody
the process of maintaining and documenting the chronological sequence of possession and control of physical or electronic evidence, from creation until its final use (often presentation in court)
37
change management
an IT discipline focused on ensuring that organizations employ standardized processes and procedures to make changes to their systems and services
38
checksum
a value derived from a piece of data that uniquely identifies that data and is used to detect changes that might have been introduced during storage or transmission
39
cia triad
the three primary security principles: confidentiality, integrity and availability
40
client-side kms
a key management service that is provided by the CSP, but the customer generates, holds and manages the keys
41
cloud access security broker (CASB)
a software application that sits between cloud users and cloud services and applications, while actively monitoring all cloud usage and implementing centralized controls to enforce security
42
cloud application
an application that is accessed via the Internet rather than installed and accessed locally
43
cloud auditor
a cloud service partner who is responsible for conducting an audit of the use of cloud services; the audit may be for general security hygiene, but is often for legal or compliance purposes
44
cloud service
capabilities made available to a cloud user by a cloud provider through a published interface (a management console or command line, for example)
45
Cloud Controls Matrix (CCM)
a meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations; published by the Cloud Security Alliance
46
cloud data portability
the ability to easily move data from one cloud provider to another
47
cloud deployment model
the way in which cloud services are made available through specific configurations that control the sharing of cloud resources with cloud users; the cloud deployment models are public, private, community and hybrid
48
cloud resources
compute, storage and networking capabilities that a cloud provider shares with a cloud user
49
cloud service broker
a cloud service partner who negotiates relationships between cloud service providers and cloud service customers
50
cloud service category
a collection of cloud services that share a common set of features or qualities; cloud service categories are labelled XaaS; the most common cloud service categories are IaaS, PaaS and SaaS
51
cloud service customer
a person or group that is in a business relationship to provision and use cloud services from a cloud service provider
52
cloud service customer data
any data objects under the control of the cloud service customer that were input to the cloud service by the cloud customer or generated by the cloud service on behalf of the cloud customer
53
cloud service derived data
any data objects under the control of the cloud service provider that were derived by interaction of the cloud customer with the cloud service; may include access logs, utilization information and other forms of metadata (data about data)
54
cloud service partner
a person or group that supports the provision, use or other activities of the cloud service provider, the cloud service customer or both
55
cloud service provider (CSP)
an entity making cloud services available for use
56
cloud service provider data
any data objects related to the operation of the cloud service that are fully under the control of the cloud service provider; may include cloud service operational data, information generated by the cloud service provider to provide services, and similar data not owned or related to any specific cloud customer
57
cloud service user
a person or entity (which may be a device, for example) that uses cloud services on behalf of the cloud service customer
58
colocation datacenter
a shared datacenter that leases out equipment and bandwidth to companies
59
common criteria
a set of guidelines that establishes processes for products to be evaluated by independent laboratories to determine their level of security
60
community cloud
a cloud deployment model where cloud services are provided to a group of cloud service customers with similar requirements; it is common for at least one member of the community to control the cloud resources for the group
61
confidentiality
security principle that entails limiting access to data to authorized users and systems; in other words, confidentiality prevents exposure of information to anyone who is not an intended party
62
configuration management
the process of tracking and controlling configuration changes to systems and software
63
containers
a cloud technology that involves logically decoupling an application from its environment so that the containerized application can be developed, deployed and run consistently in different environments (public cloud, private cloud or personal laptop)
64
continual service improvement management
a lifecycle of constantly improving the performance and effectiveness of IT services by collecting data and learning from the past
65
continuity management
the process of ensuring that a CSP is able to recover and continue providing service to its customers, even amidst security incidents or during times of crisis
66
contract management
the process of managing contract negotiation, creation and execution to reduce risk and maximize performance
67
control plane
the part of the cloud environment that carries information necessary to establish and control the flow of data through the cloud; enables management of the cloud's infrastructure and data security
68
cross-site scripting (XSS)
a specific variant of an injection attack that targets web applications by injecting malicious code
69
crypto-shredding
the process of encrypting data and then destroying the keys so that the data cannot be recovered
70
cryptographic module
any hardware, software
71
Cryptography
the science of encrypting and decrypting information to protect its confidentiality and/or integrity
72
cryptojacking
a form of malware that steals computing resources and uses them to mine for Bitcoin or other cryptocurrencies
73
cryptoprocessor
a dedicated chip that carries out cryptographic operations
74
dashboard
a single graphical view of multiple alerts and datapoints
75
data archiving
the process of removing information from production systems and transferring it to other, longer term storage systems
76
data-at-rest
data that is stored on a system or device and not actively being read, written to, transmitted or processed
77
data breach
an incident that occurs when an unauthorized party gains access to confidential or protected data; this access can include any type of data, with the key factor being the fact that it is viewed, retrieved or otherwise accessed by someone who shouldn't have access
78
data classification
the process of categorizing and organizing data based on level of sensitivity or other characteristics
79
data custodian (data processor)
an individual that processes the data on behalf of the data owner; the data custodian is responsible for adhering to the data owner's established requirements for using and securing the data and must process the data in accordance with the data owner's established purposes
80
data de-identification
the process of removing information that can be used to identify a specific individual from a dataset
81
data dispersion
the process of replicating data throughout a distributed storage infrastructure that can span several regions, cities or even countries around the world
82
data-in-transit (data-in-motion)
data that is actively being transmitted across a network or between multiple networks
83
data-in-use
information that is actively being processed by an application
84
data localization law 526-fz
a Russian law established in 2015 that mandates that all personal data of Russian citizens be stored and processed on systems that are located within Russia
85
data loss prevention (DLP)
a set of technologies and practices used to identify and classify sensitive data, while ensuring that sensitive data is not lost or accessed by unauthorized parties
86
data owner (data controller)
the individual who holds the responsibility for dictating how and why data is used, as well as determining how the data must be secured
87
data portability
the ability to easily move data from one system to another, without needing to re-enter the data
88
data retention policy
an organization's established set of rules around holding on to information
89
data subject
the person whose data is being used
90
data tampering
an attack on the integrity of data by intentionally and maliciously manipulating data
91
decryption
the process of using an algorithm (or cipher) to convert ciphertext into plaintext (or the original information)
92
defense-in-depth
applying multiple, distinct layers of security technologies and strategies for greater overall protection
93
degaussing
a data erasure method that involves using strong magnets to destroy data on magnetic media like hard drives
94
deserialization
reconstructing a series of bytes into its original format (like a file)
95
digital forensics
a branch of forensic science that deals with the recovery, preservation and analysis of digital evidence associated with cybercrimes and computer incidents
96
digital rights management (DRM)
processes focused on protecting intellectual property throughout its distribution lifecycle
97
digital signature
a piece of information that asserts or proves the identity of a user using public-key encryption
98
direct identifiers
pieces of information that can be used on their own to identify an individual; SSN is a perfect example of this, because there is a 1:1 assignment of Social Security Number to human being
99
directory service
a relational hierarchy of cloud identities that manages the storage and processing of information, and acts as the single point through which cloud users can locate and access cloud resources
100
disaster recovery (DR)
a subset of business continuity focusing on recovering your IT systems that are lost or damaged during a disaster
101
distributed denial of service (DDoS)
a coordinated attack by multiple compromised machines causing disruption to a system's availability
102
distributed IT model
a computing model in which components of your information systems are shared among multiple computers and locations to improve performance and efficiency
103
distributed resource scheduling (DRS)
a feature that enables clustered environments to automatically distribute workloads across physical hosts in the cluster
104
domain name system security extensions (DNSSEC)
a set of security extensions to standard DNS that support the validation of the integrity of DNS data; DNSSEC can help prevent DNS hijacking, DNS spoofing and man-in-the-middle attacks
105
durability
the concept of using data redundancy to ensure that data is not lost, compromised or corrupted
106
Dynamic Application Security Testing (DAST)
also known as dynamic code analysis, this form of testing involves assessing the security of code during its execution
107
Dynamic Host Configuration Protocol
a protocol that assigns and manages IP addresses, subnet masks, and other network parameters to each device on a network
108
dynamic masking
the process of masking sensitive data as it is used in real-time, rather than creating a separate masked copy of the data
109
dynamic optimization (DO)
the automated process of constantly reallocating cloud resources to ensure that no physical host or its resources become overutilized while other resources are available or underutilized
110
e-discovery (electronic discovery)
the process of electronic data being collected, secured and analyzed as part of civil or criminal legal cases
111
Electronic Discovery Reference Model (EDRM)
a model that provides an overall look at the e-Discovery process
112
encryption
the process of using an algorithm (or cipher) to convert plaintext (or the original information) into ciphertext
113
ephemeral storage
temporary storage that accompanies more permanent storage
114
Evaluation Assurance Levels (EAL)
a numeric score that is assigned to a product to describe how thoroughly it was tested during the Common Criteria process
115
event
an observable occurrence in a system or network
116
factor
an individual method that can be used to authenticate an identity
117
federated identity
the act of linking a user's (or system's) identity on one system with their identity on one or more other systems
118
federation
the process of linking an entity's identity across multiple separate identity management systems, like on-prem and cloud systems
119
filtering
the process of selectively allowing or denying traffic or access to cloud resources
120
FIPS 140-2
a US government standard and program that assesses and validates the security of cryptographic modules
121
firewall
a hardware or software system that monitors and controls inbound and outbound network traffic
122
full-scale test
a business continuity/disaster recovery test that involves shutting down all operations at the primary location and shifting them to the BCDR site; the only type of test that provides a complete view of what would happen during a disaster
123
functional policies
policies that set guiding principles for individual business functions or activities
124
functional testing
a type of software testing that evaluates individual functions, features or components of an application rather than the complete application as a whole
125
gap
any deviation between what was discovered during the audit and the requirements in those standards/regulations/laws
126
gap analysis
a comparison of actual results with desired results
127
general data protection law (LGPD)
a Brazilian law that was published in 2018 and modeled after GDPR; it establishes standards for managing the privacy of Brazilian citizen personal data
128
General Data Protection Regulation (GDPR)
considered by most to be the world's strongest data privacy law; replaced the EU's 1995 Data Protection Directive with hundreds of pages of regulations that require organizations around the world to protect the privacy of EU citizens
129
Generally Accepted Privacy Principles (GAPP)
a privacy framework that was published in 2009 by a Privacy Task Force created by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)
130
governance
the policies, procedures, roles and responsibilities in place to ensure security, privacy, resiliency and performance
131
Gramm-Leach-Bliley Act (GLBA)
aka the Financial Modernization Act of 1999, a US federal law that requires financial institutions to safeguard their customers' PII
132
Hardware Security Module (HSM)
a physical device that safeguards encryption keys
133
hashing
the process of taking an arbitrary piece of data and generating a unique string or number of fixed-length from it
134
health insurance portability and accountability act (HIPAA)
a law passed in 1996 that established minimum standards for protecting a patient's privacy and regulates the use and disclosure of individuals' health information, referred to as Protected Health Information (PHI)
135
honeypot
a decoy system that mimics a sensitive system in order to lure attackers away from the legitimate target
136
host cluster
a group of hosts that are physically or logically connected in such a way that they work together and function as a single host
137
host-based DLP
data loss prevention that involves installation of a DLP application on a workstation or other endpoint device
138
hybrid cloud
a cloud deployment model that uses a combination of at least two different cloud deployment models (public, private or community)
139
https
TLS over HTTP - the gold standard for protecting web communications
140
hypervisor
a computing layer that allows multiple operating systems to run simultaneously on the same piece of hardware, with each operating system seeing the machine's resources as its own dedicated resources
141
identification
the process by which you associate a system or user with a unique identity or name, such as a username or email address
142
IAM
the sum of all the technologies, processes, and personnel that are responsible for controlling access to resources
143
identity provider
a trusted third-party organization that stores user identities and authenticates your credentials to prove your identity to other services and applications